a454217bd4
Update info -d markdown
2025-06-24 11:21:49 +01:00
37388ca1be
Adds sentinel values to modules missing notes
2025-06-23 12:24:58 +01:00
a4b14d8b64
Runs Rubocop to fix layout in modules
2025-06-20 15:18:01 +01:00
0017fbdf56
Updates more dead links
2025-02-28 10:30:14 +00:00
0334d28553
Apply final suggestions from code review
2023-08-18 15:40:58 -04:00
b064578488
Apply suggestions from code review
2023-08-18 15:37:11 -04:00
4ddd789f51
Apply suggestions from code review
2023-08-18 15:33:59 -04:00
84ad51b5c7
rubocop
2023-07-16 05:38:51 +02:00
a9a6b03979
Update modules/exploits/multi/php/jorani_path_trav.rb
...
Co-authored-by: Brendan <bwatters@rapid7.com >
2023-07-11 09:28:20 +02:00
56619e6da3
Update modules/exploits/multi/php/jorani_path_trav.rb
...
Co-authored-by: Brendan <bwatters@rapid7.com >
2023-07-11 09:28:14 +02:00
8d08a2a144
Update modules/exploits/multi/php/jorani_path_trav.rb
...
Co-authored-by: Brendan <bwatters@rapid7.com >
2023-07-11 09:28:05 +02:00
068a81a638
First remove the check after the triggering payload as it is not reliable. Adding the documentation after checking it with the dev tool
2023-06-28 08:53:50 +02:00
1b7e1343f8
Fix up some points noted during review
2023-06-27 11:32:44 -05:00
c11dd0efc4
Fix up RuboCop errors
2023-06-27 11:23:41 -05:00
8cae031d97
update after rubocop and advice
2023-06-27 16:08:55 +02:00
784f76b355
update after rubocop
2023-06-19 14:31:23 +02:00
8d7dc7ae26
Add exploit for unauth RCE Jorani
2023-06-19 06:16:07 +02:00
c39b437f01
Increase timeout for laravel rce check method
2022-09-13 22:36:53 +01:00
891387885b
Fixed typos
...
Co-authored-by: Brendan <bwatters@rapid7.com >
2022-02-15 08:47:50 +01:00
bbb66eba55
Fixed typos
...
Co-authored-by: Brendan <bwatters@rapid7.com >
2022-02-15 08:47:26 +01:00
acfc7348c3
Fixed typos
...
Co-authored-by: Brendan <bwatters@rapid7.com >
2022-02-15 08:47:10 +01:00
c935bc6388
Update modules/exploits/multi/php/ignition_laravel_debug_rce.rb
...
Fix typos
Co-authored-by: Brendan <bwatters@rapid7.com >
2022-02-15 08:46:25 +01:00
2e73469b6b
Update modules/exploits/multi/php/ignition_laravel_debug_rce.rb
...
Fix typos
Co-authored-by: Brendan <bwatters@rapid7.com >
2022-02-15 08:46:02 +01:00
ca62a05ce1
Clenup and check strategy
...
- Removed else statements from check in favor of implicit return
- Added comment explaining the check strategy (to be less intrusive)
2022-02-11 00:30:31 +01:00
d1764b2e75
Update option name
...
Update option name from LOGPATH to LOGFILE to become more intuitive.
2022-02-11 00:00:19 +01:00
df53a62cc9
Making reason from failures more descriptives
...
Cases
[x] User defined wrong log file
[-] Exploit aborted due to failure: unexpected-reply: Log file
/var/www/log.log seems doesn't exit
[x] module doesnt detect the log file
[-] Log file does not exist /var/www/storage/logs/laravel.log
[-] Exploit aborted due to failure: bad-config: Log file is
required, however it was defined nor it was not automatically detecte
[x] site doesnt respond with error, module unable to find the log
directoy
[-] Unable to automatically find the log file. To continue set
LOGPATH manually
[-] Exploit aborted due to failure: bad-config: Log file is
required, however it was defined nor it was not automatically detected
[x] site with debug mode false
[-] Exploit aborted due to failure: not-vulnerable: The target is
not exploitable. "set ForceExploit true" to override check result
2022-02-10 23:40:49 +01:00
719e71648c
Change Vulnerable to Appear in the check method
...
As we can't determine with certainly whether the target is vulnerable the check method should return appear instead of vulnerable.
Co-authored-by: Simon Janusz <85949464+sjanusz-r7@users.noreply.github.com >
2022-02-10 20:08:36 +01:00
cc52850ff0
Fix coding style offenses.
2022-02-09 21:30:17 +01:00
da1bc1f6d1
Change exploit Rank. Add AutoCheck. Remove custom timeout on request cgi.
2022-02-09 21:19:10 +01:00
c7092861e0
Fix the CVE format based on failed tests
2022-02-08 14:38:54 +01:00
f1fe6b7c89
Add module to CVE-2021-3129
2022-02-08 14:21:10 +01:00
46c2d343bd
duplicator add check_plugin line
2021-10-29 17:22:12 -04:00
28eab4d871
Add Meterpreter compatibility metadata
2021-10-06 13:54:51 +01:00
46718e3390
Run Rubocop layout rules on modules
2021-09-10 12:53:39 +01:00
319f15d938
Handle nil versions for rubygems 4
2021-02-25 16:47:49 +00:00
30809787c4
Convert disclosure dates to iso8601
2020-10-02 21:00:37 +01:00
cf9b94a964
Set needs_cleanup flag for exploits that need it
...
The `needs_cleanup` flag needs to be set per-module when an exploit
needs an interactive session to clean up. Some `FileDropper` exploits
need additional cleanup to what the mixin provides, but since all
`FileDropper`s already mark themselves as needing cleanup those are not
covered here. A few of these could potentially be refactored to use the
original exploitation method to clean up or to compile the list of
files/commands to clean up ahead of time, but that is out of the scope
of this fix.
2019-08-02 10:23:53 -05:00
b82e3469a2
renamed module and doc
2018-12-11 11:59:19 -06:00
7e953e34b9
Added the clean_up function
2018-12-11 18:13:46 +01:00
224e782772
Cleaned the create_wp_config_file function
2018-12-05 10:56:22 +01:00
2774c17ca1
Replaced print_error and return with a fail_with
2018-12-05 10:11:09 +01:00
2735c71bda
Fixed typos, removed not working cleaning
2018-12-04 18:42:54 +01:00
b58342843b
Refactored check
2018-12-04 12:03:49 +01:00
6874dddc55
Fix space at EOL and sed replace
2018-11-30 15:26:14 +01:00
a4ee221333
Fixed the timeout for web requests
2018-11-30 14:47:41 +01:00
160015d3a7
Check the HTTP response first
2018-11-29 18:54:07 +01:00
984354194f
Check the HTTP response first
2018-11-29 18:49:41 +01:00
2b61c4e118
Fixes for PR
2018-11-29 15:02:03 +01:00
02f2a2828e
Fix references CVE and WPVDB
2018-11-14 18:19:12 +01:00
3daec992c8
Fix indentation
2018-11-14 18:08:31 +01:00
cgranleese-r7